Add proxy_options type

Author: MarcialRosales

deps/oauth2_client/include/types.hrl

@@ -20,6 +20,13 @@
 }).
 -type openid_configuration() :: #openid_configuration{}.
 
+-record(proxy_options, {
+    proxy :: uri_string:uri_string(),
+    username :: option(string() | binary()),
+    password :: option(string() | binary())
+}).
+-type proxy_options() :: #proxy_options{}.
+
 -record(oauth_provider, {
     id :: oauth_provider_id(),
     issuer :: option(uri_string:uri_string()),
@@ -28,7 +35,8 @@
     authorization_endpoint :: option(uri_string:uri_string()),
     end_session_endpoint :: option(uri_string:uri_string()),
     jwks_uri :: option(uri_string:uri_string()),
-    ssl_options :: option(list())
+    ssl_options :: option(list()),
+    proxy_options :: option(proxy_options())
 }).
 
 -type query_list() :: [{unicode:chardata(), unicode:chardata() | true}].

deps/oauth2_client/src/oauth2_client.erl

@@ -8,7 +8,7 @@
 -export([get_access_token/2, get_expiration_time/1,
         refresh_access_token/2,
         get_oauth_provider/1, get_oauth_provider/2,
-        get_openid_configuration/2,
+        get_openid_configuration/3,
         build_openid_discovery_endpoint/3,         
         merge_openid_configuration/2,
         merge_oauth_provider/2,
@@ -94,8 +94,9 @@ drop_trailing_path_separator(Path) when is_list(Path) ->
     end.
 
 -spec get_openid_configuration(DiscoveryEndpoint :: uri_string:uri_string(),
-    ssl:tls_option() | []) -> {ok, openid_configuration()} | {error, term()}.
-get_openid_configuration(DiscoverEndpoint, TLSOptions) ->    
+    ssl:tls_option() | [], proxy_options() | undefined) -> 
+        {ok, openid_configuration()} | {error, term()}.
+get_openid_configuration(DiscoverEndpoint, TLSOptions, _ProxyOptions) ->    
     rabbit_log:debug("get_openid_configuration from ~p (~p)", [DiscoverEndpoint,
         format_ssl_options(TLSOptions)]),
     Options = [],
@@ -283,7 +284,8 @@ download_oauth_provider(OAuthProvider) ->
         undefined -> {error, {missing_oauth_provider_attributes, [issuer]}};
         URL ->
             rabbit_log:debug("Downloading oauth_provider using ~p ", [URL]),
-            case get_openid_configuration(URL, get_ssl_options_if_any(OAuthProvider)) of
+            case get_openid_configuration(URL, get_ssl_options_if_any(OAuthProvider),
+                    OAuthProvider#oauth_provider.proxy_options) of
                 {ok, OpenIdConfiguration} ->
                     {ok, update_oauth_provider_endpoints_configuration(
                         merge_openid_configuration(OpenIdConfiguration, OAuthProvider))};
@@ -527,6 +529,7 @@ get_ssl_options_if_any(OAuthProvider) ->
         undefined -> [];
         Options ->  [{ssl, Options}]
     end.
+
 get_timeout_of_default(Timeout) ->
     case Timeout of
         undefined -> [{timeout, ?DEFAULT_HTTP_TIMEOUT}];

deps/oauth2_client/test/system_SUITE.erl

@@ -325,7 +325,8 @@ get_openid_configuration(Config) ->
     SslOptions = [{ssl, ExpectedOAuthProvider#oauth_provider.ssl_options}],
     {ok, ActualOpenId} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https")),
-        SslOptions),
+        SslOptions,
+        ExpectedOAuthProvider#oauth_provider.proxy_options),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId, ActualOpenId).
 
@@ -347,7 +348,8 @@ get_openid_configuration_returns_partial_payload(Config) ->
     SslOptions = [{ssl, ExpectedOAuthProvider0#oauth_provider.ssl_options}],
     {ok, Actual} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https")),
-        SslOptions),
+        SslOptions,
+        ExpectedOAuthProvider0#oauth_provider.proxy_options),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId, Actual).
 
@@ -356,23 +358,26 @@ get_openid_configuration_using_path(Config) ->
     SslOptions = [{ssl, ExpectedOAuthProvider#oauth_provider.ssl_options}],
     {ok, Actual} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https", ?ISSUER_PATH)),
-        SslOptions),
+        SslOptions,
+        ExpectedOAuthProvider#oauth_provider.ssl_options),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId,Actual).
 get_openid_configuration_using_path_and_custom_endpoint(Config) ->
     ExpectedOAuthProvider = ?config(oauth_provider, Config),
     SslOptions = [{ssl, ExpectedOAuthProvider#oauth_provider.ssl_options}],
     {ok, Actual} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https", ?ISSUER_PATH),
-        ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT), SslOptions),
+        ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT), SslOptions, 
+        ExpectedOAuthProvider#oauth_provider.proxy_options),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId, Actual).
 get_openid_configuration_using_custom_endpoint(Config) ->
     ExpectedOAuthProvider = ?config(oauth_provider, Config),
     SslOptions = [{ssl, ExpectedOAuthProvider#oauth_provider.ssl_options}],
     {ok, Actual} = oauth2_client:get_openid_configuration(
         build_openid_discovery_endpoint(build_issuer("https"),
-        ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT), SslOptions),
+        ?CUSTOM_OPENID_CONFIGURATION_ENDPOINT), SslOptions,
+        ExpectedOAuthProvider#oauth_provider.proxy_options),
     ExpectedOpenId = map_oauth_provider_to_openid_configuration(ExpectedOAuthProvider),
     assertOpenIdConfiguration(ExpectedOpenId, Actual).
 

deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_provider_SUITE.erl

@@ -65,6 +65,9 @@ verify_provider() -> [
     ]},
     {oauth_provider_with_issuer, [], [
         get_oauth_provider_has_jwks_uri
+    ]}, 
+    {oauth_provider_with_proxy, [], [
+        get_oauth_provider_has_proxy
     ]}
 ].
 
@@ -149,6 +152,15 @@ init_per_group(with_resource_server_id, Config) ->
     set_env(resource_server_id, ?RABBITMQ),
     Config;
 
+init_per_group(oauth_provider_with_proxy, Config) ->
+    KeyConfig = get_env(key_config, []),
+    set_env(key_config, KeyConfig ++ [
+        {proxy, build_url_to_oauth_provider(<<"/">>)},
+        {proxy_username, <<"user1">>},
+        {proxy_password, <<"pwd1">>}
+    ]),
+    Config;
+
 init_per_group(with_algorithms, Config) ->
     KeyConfig = get_env(key_config, []),
     set_env(key_config, KeyConfig ++ [{algorithms, [<<"HS256">>, <<"RS256">>]}]),
@@ -190,6 +202,14 @@ init_per_group(_any, Config) ->
 end_per_group(with_rabbitmq_node, Config) ->
     rabbit_ct_helpers:run_steps(Config, rabbit_ct_broker_helpers:teardown_steps());
 
+end_per_group(oauth_provider_with_proxy, Config) ->
+    KeyConfig = get_env(key_config, []),    
+    KeyConfig0 = proplists:delete(proxy, KeyConfig),
+    KeyConfig1 = proplists:delete(proxy_username, KeyConfig0),
+    KeyConfig2 = proplists:delete(proxy_password, KeyConfig1),
+    set_env(key_config, KeyConfig2),
+    Config;
+
 end_per_group(with_root_static_signing_keys, Config) ->
     KeyConfig = call_get_env(Config, key_config, []),
     call_set_env(Config, key_config, KeyConfig),
@@ -411,6 +431,12 @@ get_oauth_provider_has_jwks_uri(Config) ->
         ct:log("OAuthProvider: ~p", [OAuthProvider]),
     ?assertEqual(?config(jwks_uri, Config), OAuthProvider#oauth_provider.jwks_uri).
 
+get_oauth_provider_has_proxy(Config) ->
+    {ok, OAuthProvider} = get_oauth_provider(
+        ?config(oauth_provider_id, Config), [jwks_uri]),
+        ct:log("OAuthProvider: ~p", [OAuthProvider]),
+    ?assertEqual(?config(jwks_uri, Config), OAuthProvider#oauth_provider.jwks_uri).
+
 
 %% ---- Utility functions